I have installed kibana and elasticsearch into K8s using helm chart.
I want to enable the x-pack to get user management and roles in the kibana dashboard, but without using the ssl and certificate configuration.
could any one provide me with the solution please.
You can not use authentication and role-based access controls in Elasticsearch without configuring SSL/TLS as this would lead to credentials being sent across the network to and between nodes in clear text.
but then I can't use these commands on kubernetes , I am new in all these maybe my questios seems stupid but I really don't know how to even get a path could you please help me
As far as I know you typically create certificates externally and then pass them into the containers as described in the docker image documentation. There may be other ways to do it I will have to leave it to others as I am not familiar with the helm charts.
I already created one and I would like to test it but can you please tell me where can I found this path /usr/share/elasticsearch/config because I couldn't access it through the shell
Follow this tutorial to enable user auth without configuring TLS/SSL. By setting discovery.type: single-node in Elasticsearch, you are bypassing the TLS/SSL requirements
However, I strongly recommend against doing so because user credentials are sent over HTTP in plaintext.
2019-06-25T10:20:56.882057213Z "Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory",
I
2019-06-25T10:20:56.882063036Z "at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:61) ~[?:?]",
I
2019-06-25T10:20:56.882068596Z "at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
I
2019-06-25T10:20:56.882074256Z "at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
I
2019-06-25T10:20:56.882079897Z "at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$2(SSLService.java:426) ~[?:?]",
I
2019-06-25T10:20:56.882085280Z "at java.util.HashMap.forEach(HashMap.java:1333) ~[?:?]",
I
2019-06-25T10:20:56.882120138Z "at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:423) ~[?:?]",
I
2019-06-25T10:20:56.882136977Z "at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
I
2019-06-25T10:20:56.882143717Z "at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]",
I
2019-06-25T10:20:56.882149641Z "at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
I
2019-06-25T10:20:56.882155163Z "at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
I
2019-06-25T10:20:56.882168785Z "at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
I
2019-06-25T10:20:56.882175111Z "at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
I
2019-06-25T10:20:56.882181018Z "at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
I
2019-06-25T10:20:56.882228253Z "at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882234700Z "at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882240443Z "at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882246040Z "at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882251927Z "at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882257697Z "at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882263355Z "at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882271710Z "at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882318705Z "at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
2019-06-25T10:20:56.882344091Z "at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
I
this is my configuration esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/ca.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/ca.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/ca.p12
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/ca.p12
I used kubectl exec -it elasticsearch-master-0 -- /bin/bash to enter the container and generate certificate in the exact path /usr/share/elasticsearch/certs
The help charts repo uses elastic-certificates.p12 and you are using ca.p12
I don't know what's in your ca.p12 file, but given the name, I'm guessing that it holds your CA certificate & key, in which case that is the wrong thing to do.
The error you are running into has more details than you've provide us. I don't know why your log seem to be cut-off at the point it is, but I really need to see the rest of the error message in order to be able to understand what's causing your problem.
We can solve this, but only if you provide us with the information that we need. Almost all of your replies have been 1 sentence answers, and it's just not enough information for us to help you out. If you want to work this issue out, then you need to do the work so that we can understand the details of what's going on.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.